Research On Denial Of Service Attacks And Self-similar Network Traffic

With the increasing popularity of Internet technology and development, network and people's daily lives are getting closer. In the early development of the Internet for discussions on network security has never stopped, and as people's growing dependence of computer networks, network security today is even more important. The current network intrusion increasing frequency, the danger of invasion is also growing, especially the consumption of network resources intrusions intensified. DoS (denial of service, Denial of Service) attack against the validity of Web services as a damage and the victim host or network can not be outside in time to receive and process a request, or unable to respond to outside requests, and thus can not provide normal service to legitimate users to form a denial of service. DDoS (Distributed Deny of Service) attacks is the use of a sufficient number of proxy machines generate a huge number of attack packets to one or more targets for DoS attacks, draining the resources of the injured side, so that the loss of the injured host to provide normal network services. DDoS attack is currently the most serious threats to network security is one of the challenges of network availability. Facing increasingly severe DDoS attack, how to prevent DDoS attacks have become a Han to be resolved.In this paper, DDoS attacks on background to the study, analyzed the causes of DDoS attacks, introduced the technical principle of DDoS attacks, attack and several attack tools works. And then describes the response to DDoS attacks, DDoS attack detection, packet filtering, attack path tracing, several mainstream technologies such as honey pot. Then introduced the self-similar theory in DDoS attack detection in the field of application, analysis of several self-similar network traffic model and several calculation method of Hurst coefficient.Based on the above for low-speed DDoS attacks, this paper presents a Hurst coefficient based DDoS attack detection methods, and conduct the relevant tests, test results show that the way to achieve a real-time detection of a mixed normal in the data DDoS attack traffic purposes.